Security Update
Ted Manka <ted.manka@hp.com>
Mon 3/16/2015 12:21 PM
To: Knicely, Jim

Dear Support Contact,

HP Vertica is affected by the Ghost glibc vulnerability.

The Ghost glibc vulnerability affects most Linux distributions and gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.

"The Linux GNU C Library (glibc) versions 2.2 and other 2.x versions before 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu, Red Hat, and Debian. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement."

As always, please make any changes to your development/QA regions and test with full production load before migrating any changes into production clusters.

Periodically HP Vertica may identify significant security vulnerabilities in the software or components we depend upon. We will make every effort to proactively notify customers of affected versions and will do our best to provide workarounds while we address the problem. If you want to opt out of these notifications, please notify the HP Vertica Technical Support team.

We will be releasing new AMI/VM images with the updated libraries. You can manually patch your VMware image or AMI if you want to address this issue before the images are available.

Thank you,

Follow us on Twitter, @verticahelp

Jim Knicely

Note: I work for Vertica. My views, opinions, and thoughts expressed here do not represent those of my employer.